South Korea’s largest online retailer, Coupang, recently recovered a damaged laptop from a river as part of an investigation into an insider data breach involving 33.7 million customer accounts. Despite the attempt to destroy evidence, forensic teams confirmed that while…
Category: EN
Singapore CSA warns of maximun severity SmarterMail RCE flaw
Singapore’s CSA warns of CVE-2025-52691, a critical SmarterMail flaw enabling unauthenticated remote code execution via arbitrary file upload. Singapore’s Cyber Security Agency of Singapore (CSA) warns of a maximum severity flaw, tracked as CVE-2025-52691 (CVSS score of 10.0), in SmarterMail.…
DevSecOps as a Strategic Imperative for Modern DevOps
If you do not take security seriously, you are just begging for trouble. Security should be an integral part of your development process, not something that you add at the end. Patches and updates do not suffice to deter severe…
Threat Actors Manipulating LLMs for Automated Vulnerability Exploitation
Large Language Models (LLMs) have revolutionized software development, democratizing coding capabilities for non-programmers. However, this accessibility has introduced a severe security crisis. Advanced AI tools, designed to assist developers, are now being weaponized to automate the creation of sophisticated exploits…
Critical IBM API Connect Vulnerability Let Attackers Bypass Logins
A critical security alert regarding a severe vulnerability in the IBM API Connect platform that could allow remote attackers to bypass authentication mechanisms. Discovered during internal testing, the flaw poses a significant risk to organizations relying on the platform for…
Best of 2025: NOT-So-Great Firewall: China Blocks the Web for 74 Min.
HTTPS connections on port 443 received forged replies. Chinese web users couldn’t access websites outside the People’s Republic yesterday. The outage lasted an hour and a quarter—with no explanation. Nobody’s sure whether it was a mistake or an ominous test of…
FCC Rules Out Foreign Drone Components to Protect National Networks
A decisive step in federal oversight on unmanned aerial technology has been taken by the United States Federal Communications Commission, in a move that is aimed at escalating federal control over unmanned aerial technology. Specifically, the FCC has prohibited…
Airbus Signals Shift Toward European Sovereign Cloud to Reduce Reliance on US Tech Giants
Airbus, the aerospace manufacturer in Europe is getting ready to depend less on big American technology companies like Google and Microsoft. The company wants to rethink how and where it does its important digital work. Airbus is going to…
Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry
Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last month. The npm package that embeds the novel Shai Hulud strain…
IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass
IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application. The vulnerability, tracked as CVE-2025-13915, is rated 9.8 out of a maximum of 10.0 on the CVSS…
2 US Cybersecurity Experts Guilty of Extortion Scheme for ALPHV Ransomware
Can you trust your cybersecurity team? A recent federal case reveals how two US-based cybersecurity experts turned into affiliates for the BlackCat ransomware group, extorting over $1.2M in Bitcoin. Read the full story on their 2023 crime spree. This article…
APT36 Malware Campaign Targeting Windows LNK Files to Attack Indian Government Entities
APT36, also known as Transparent Tribe, has launched a new malware campaign that targets Indian government and strategic entities by abusing Windows LNK shortcut files. The attack starts with spear‑phishing emails that carry a ZIP archive named “Online JLPT Exam…
Why Visibility Alone Fails and Context Wins in 2026
For more than a decade, cybersecurity teams have chased visibility through logs, dashboards, alerts, and tools that promised a single pane of glass. And yet, here’s the uncomfortable truth. Security… The post Why Visibility Alone Fails and Context Wins in…
Top Data Breaches of December 2025
December 2025 closed the year with several high-impact data breaches across retail, education, healthcare research, and telecom. These incidents were not driven by a single cause. Some stemmed from misconfigured… The post Top Data Breaches of December 2025 appeared first…
LinkedIn Job Scams
Interesting article on the variety of LinkedIn job scams around the world: In India, tech jobs are used as bait because the industry employs millions of people and offers high-paying roles. In Kenya, the recruitment industry is largely unorganized, so…
30,000 Korean Air Employee Records Stolen as Cl0p Leaks Data Online
Korean Air confirms a major data leak affecting 30,000 staff members after the Cl0p gang targeted a catering partner. Learn what data was stolen and the airline’s response to secure its data. This article has been indexed from Hackread –…
Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist
The worm exposed Trust Wallet’s Developer GitHub secrets, allowing attackers to publish a backdoor extension and steal funds from 2,520 wallets. The post Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist appeared first on SecurityWeek. This article…
NeuroSploitv2 – AI-Powered Pentesting Tool With Claude, GPT, and Gemini models to Detect vulnerabilities
NeuroSploitv2 is an AI-powered penetration testing framework that automates critical aspects of offensive security operations through advanced language models. The framework, available on GitHub, integrates with multiple LLM providers, including Claude, GPT, Gemini, and Ollama, to enable specialized vulnerability analysis…
In 2025, age checks started locking people out of the internet
Lawmakers enforced age checks, websites blocked entire countries, and users turned to VPNs to get around them. This article has been indexed from Malwarebytes Read the original article: In 2025, age checks started locking people out of the internet
Fears Mount That US Federal Cybersecurity Is Stagnating—or Worse
Government staffing cuts and instability, including this year’s prolonged shutdown, could be hindering US digital defense and creating vulnerabilities. This article has been indexed from Security Latest Read the original article: Fears Mount That US Federal Cybersecurity Is Stagnating—or Worse